**FOR IMMEDIATE RELEASE — SOURCE: [REDACTED]**
**CYBER BULLETIN: “GHOST IN THE INBOX” — FBI Warns Outlook & OneDrive Users of “Passive Harvesting” Bug**
🚨 **OFF-THE-RECORD** 🚨
Sources deep within the Bureau’s Cyber Division have confirmed a shocking, unpublicized alert: A sophisticated, zero-click exploit has been silently weaponizing the *sync engine* between Microsoft Outlook and OneDrive. The flaw is not a traditional virus—it’s a *data ghost*.
Here’s what they won’t tell the public yet:
**The Mechanism:**
- The exploit doesn’t break encryption. It **piggybacks** on the legitimate background sync process between Outlook attachments and OneDrive’s cloud cache.
- Once activated, the malware—codename **“EchoLink”**—creates a hidden, parallel container in your OneDrive. It scrapes every attachment sent or received in the last **180 days**.
- The kicker? It leaves no log entry. The Windows Event Viewer shows clean records. The FBI only found it by analyzing obscure **telemetry differentials** in Office 365 admin logs.
**The Payload:**
- Victims report no system slowdown. No pop-ups. No ransom note.
- Instead, the malware transmits only **“high-value”** files (financial spreadsheets, .pdf contracts, .pst email archives) via fragmented, encrypted TCP packets to a series of rotating residential proxies in Eastern Europe.
- The FBI’s internal memo explicitly warns: “Do not reformat infected drives. The artifact is persistent in the **OneDrive recycle bin metadata**.”
**The Silence:**
- Microsoft has been briefed. They have not issued a patch. The official line? “Best practices for cloud hygiene.”
- The Bureau is terrified of tipping off the threat actors.